Apple’s latest iOS update fixes a flaw in its notification database that made it doable for regulation enforcement to view deleted push notifications on an individual’s iPhone or iPad. The safety flaw was a technique regulation enforcement businesses just like the FBI may circumvent Apple’s strict stance in direction of person privateness, the Electronic Frontier Foundation writes, significantly because the firm has required a court order to share notification knowledge since 2023.
In line with Apple’s replace notes, iOS 26.4.2 introduces “improved knowledge redaction” to deal with a difficulty the place “notifications marked for deletion might be unexpectedly retained on the system.” The replace is on the market now on “iPhone 11 and later, iPad Professional 12.9-inch third technology and later, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad eighth technology and later and iPad mini fifth technology and later,” Apple says.
The FBI’s use of this specific iOS notification flaw was first reported on by 404 Media, who realized the company used a software to entry Sign notification knowledge saved regionally on an iPhone even after it was deleted. Sign CEO Meredith Whitaker later acknowledged the issue on Bluesky, writing that “notifications for deleted [messages] should not stay in any OS notification database, and we have requested Apple to deal with this.” On the time, Whitaker directed Sign customers to regulate their settings in order that push notifications from the app didn’t embody the title of the messenger or message content material. In response to immediately’s information, Signal said on Bluesky that it’s “very completely satisfied that immediately Apple issued a patch and a safety advisory.”
The privateness of your notifications is susceptible in at the very least two locations, in line with the EFF. Within the cloud, the place they get routed by means of an organization’s servers and sure partially logged in metadata, and on the native storage of the cellphone the place they’re obtained. Apple’s replace ought to ideally make deleted notifications appropriately inaccessible, however limiting what’s really seen in notifications within the first place can also be value contemplating.
Replace, April 22, 6:40PM ET: This story was up to date after publish to incorporate remark from Sign.
